Description of the bug
Before the simplification of the template policy was made (Altinn/app-template-dotnet#213),
there was a minor bug in urn:altinn:example:ruleid:3 where the delete action attribute, was in the same <xacml:AnyOf><xacml:AllOf> xml node as the resource attributes identifying [ORG] and [APP].
This has probably not caused any functional/authorizational issues which seem to handle it.
But the new feature in ResourceRegistry which deconstructs the policy into all unique rules fails for all older apps with this syntax flaw (see examples below).
Steps To Reproduce
Example of an app with the flaw:
https://platform.tt02.altinn.no/resourceregistry/api/v1/resource/app_digdir_be-om-api-nokkel/policy/rules
Example of an app where the flaw has been fixed manually:
https://platform.tt02.altinn.no/resourceregistry/api/v1/resource/app_brg_virksomhetsregistrering/policy/rules
Additional Information
No response
Description of the bug
Before the simplification of the template policy was made (Altinn/app-template-dotnet#213),
there was a minor bug in urn:altinn:example:ruleid:3 where the
deleteaction attribute, was in the same<xacml:AnyOf><xacml:AllOf>xml node as the resource attributes identifying [ORG] and [APP].This has probably not caused any functional/authorizational issues which seem to handle it.
But the new feature in ResourceRegistry which deconstructs the policy into all unique rules fails for all older apps with this syntax flaw (see examples below).
Steps To Reproduce
Example of an app with the flaw:
https://platform.tt02.altinn.no/resourceregistry/api/v1/resource/app_digdir_be-om-api-nokkel/policy/rules
Example of an app where the flaw has been fixed manually:
https://platform.tt02.altinn.no/resourceregistry/api/v1/resource/app_brg_virksomhetsregistrering/policy/rules
Additional Information
No response